From 7855c3bec85612d696c1fe31d1818f140a60a327 Mon Sep 17 00:00:00 2001
From: Ludwig Behm <ludwig@behm.me>
Date: Tue, 20 Feb 2024 22:14:56 +0100
Subject: [PATCH] fix write permissions

---
 borg-backup@.service | 4 ++--
 exec_borg.sh         | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/borg-backup@.service b/borg-backup@.service
index 1f3b3a0..266a544 100644
--- a/borg-backup@.service
+++ b/borg-backup@.service
@@ -25,5 +25,5 @@ PrivateTmp=yes
 ReadOnlyDirectories=/
 WorkingDirectory=/tmp
 
-ConfigurationDirectoryMode=550
-CacheDirectoryMode=550
+ConfigurationDirectoryMode=750
+CacheDirectoryMode=750
diff --git a/exec_borg.sh b/exec_borg.sh
index d58ada3..9c66546 100755
--- a/exec_borg.sh
+++ b/exec_borg.sh
@@ -22,11 +22,11 @@ exec systemd-run --quiet --collect --unit=temp-borg-init-sandbox.service \
 	--pipe < /etc/borg/$NAME/borg_passphrase \
 	--working-directory=/tmp \
 	-p "ConfigurationDirectory=borg/$NAME" \
-	-p "ConfigurationDirectoryMode=550" \
+	-p "ConfigurationDirectoryMode=750" \
 	-p "CacheDirectory=borg/$NAME" \
-	-p "CacheDirectoryMode=550" \
+	-p "CacheDirectoryMode=750" \
 	-p "PrivateTmp=yes" \
-	-p "ReadOnlyPaths=/ /etc/borg/$NAME" \
+	-p "ReadOnlyPaths=/" \
 	-p "ReadWritePaths=/root/.ssh/known_hosts" \
 	-p "EnvironmentFile=/etc/borg/$NAME/config.env" \
 	--setenv=BORG_PASSPHRASE_FD=0 \